premiso

It increments on it's own, accessing it like the above will grab the ids from the checkboxes where the name is id. So yea the source will not increment, but when it is posted it will.

<?php if (isset($_POST['id']) && is_array($_POST['id'])) { foreach ($_POST['id'] as $key => $val) { foreach ($val as $val2) { $ids[] = $val2; } } $ids = implode(", ", $ids); mysql_query("UPDATE table_name SET col1 = 'test' WHERE id IN(" . $ids . ")"); }else { echo 'No POST data'; } Chances are it was because the post data wasnt there. Try that and see what happens.

Second that! =) That tidbit of information helps me out a ton with RegEX too. Thanks!

echo '<a href="sell.php?item="' . $row['item'] . '">' . $row['item'] . "<BR />"; Forgot a ' before the . $row Basically you would access that variable in sell.php by $_GET['item']

You want to know the truth? They get it from learning the language and "googling" exploits. The only way to know your code is secure is to learn from other people's mistakes honestly. An exploit is unknown to most until someone actively "stumbles" upon one. Like I said before, as long as you follow PHP standards, do not allow register_globals to be on and code for it not being on, defining your values verifying your data before you execute it or insert it into a DB, and making sure you are not on a shared host (those are just security flaws in their self) and making sure your server box is secure it is all relevant. Honestly you would just be wasting money buying a book. http://www.google.com/search?hl=en&q=php+security&btnG=Search Should provide you with more than enough information. I would bet, 100 times over that any book you buy will not have every security and it is outdated with PHP 4 or even PHP 3 code. But if you want to waste money on it... http://www.google.com/search?hl=en&q=php+security+books&btnG=Search Google is your key friend.

It can... <?php error_reporting(E_ALL); $file = file_get_contents('http://tv.bascalie.ro/program~data-20-decembrie-2008~post-pro-tv.html'); $matches = split('<tr style="background-color:#cccccc;">', $file); $matches = split('</table>', $matches[1]); echo $matches[0]; ?> That should work lol. =)

It all depends on what type of security you want? AJAX, jQuery is very secure with examples of how to properly secure code. Generally speaking, mysql_real_escape_string on data coming from a form in the database is best practice, and any checks you do with javascript do again before entering them into a database. Also look into html_entities for comments and what not to prevent XSS injection etc. As far as books, I have no clue if there are any, if there are I dunno how good/accurate they are.

I see. Not a problem, unfortunately I am not great at Regex, but from what I know I think you are being too descriptive..... preg_match_all('/<tr style=\"background-color:#cccccc;\">(.*)<\/table>/', $file, $matches, PREG_SET_ORDER); Unsure if that will work, but yea. Probably would have been better posting in the regex forum ^.-

<?php session_start(); if(isset($_SESSION['otherusername'])){ $db=mysql_connect('localhost', 'root', ''); $res=mysql_select_db('textgame',$db) or die(mysql_error()); $otherusername = $_SESSION['otherusername']; //"SELECT item FROM users_items WHERE username='".$Username."'"; $res=mysql_query($otherusername)or die(mysql_error()); while($row = mysql_fetch_assoc($res)){ echo '<a href="sell.php?item=" . $row['item'] . '">' . $row['item'] . "<BR />"; } }else{ echo "Sorry your not a member please join us!"; } ?> You will have to create a "sell.php" to see the item, probably have a confirmation for them, ask them if they really want to sell it.

Be so kind as to inform us what line 12 is. The undefined offset, usually means that you are trying to print an element of an array that is not there.

lol But you are missing the point! Anyhow, not knowing how your setup is (if you have one). Here is a "sample" install script. The following is for "signup.php" <?php session_start(); $installForm = '<form name="install" method="POST" action="signup.php">'; if (isset($_POST['process'])) $process = validateData($_POST, $_POST['process']); if (isset($_SESSION['error'])) { $installForm .= '<span id="error">' . $_SESSION['error'] . '</span><br />'; unset($_SESSION['error']); // reset the error data } if (!isset($_POST['process']) || $_POST['process'] == 0) { $installForm .= '<input type="text" name="username" value="' . (isset($_SESSION['username']))?$_SESSION['username']:"" . '" />'; $installForm .= '<input type="hidden" name="process" value="1" />'; $submitText = "Proceed to Step 2"; }elseif ($_POST['process'] == 1) { $installForm .= '<input type="password" name="password" value="' . (isset($_SESSION['password']))?$_SESSION['password']:"" . '" />'; $installForm .= '<input type="hidden" name="process" value="2" />'; $submitText = "Proceed to Step 3"; }elseif ($_POST['process'] == 2) { $installForm .= '<input type="phone" name="phone" value="' . (isset($_SESSION['phone']))?$_SESSION['phone']:"" . '" />'; $installForm .= '<input type="hidden" name="process" value="3" />'; $submitText = "Finish This!"; }elseif ($_POST['process'] == 1) { header("Location: thankyou.php"); // tell them thank you. } $installForm .= '<input type="submit" value="' . $submitText . '"/></form>'; echo $installForm; function validateData($data, $process) { switch ($process) { case 1: if ($data['username'] == "") { $_SESSION['error'] = "Username is empty"; return 0; }else { $_SESSION['username'] = $data['username']; return 1; } break; case 2: if ($data['password'] == "") { $_SESSION['error'] = "Password is empty"; return 1; }else { $_SESSION['password'] = $data['password']; return 2; } break; case 3: if ($data['password'] == "") { $_SESSION['error'] = "Phone is empty"; return 2; }else { $_SESSION['phone'] = $data['phone']; return 3; } break; // etcc.... } } ?> There you go.

exec I think those are the functions available with that mod enabled (unsure) but yea, usually it is enabled by default. For running it as a different user, you would probably create a script on your machine (unix) that would log the other user in, execute the program, then logout. How to accomplish that part, I am not sure (I only code in shell when I have too) Check a UNIX forum for that answer =)

round

ok thanks. I'll change it to timestamp. When I change, will it still be the same, ORDER BY copyrightDate? Probably need the DESC after it like Maq mentioned.

ORDER BY copyrightDate I think that should do the trick on it's own. If not try adding DESC or ASC after copyrightDate and see if that gets you what you are after. btw, that is a really bad format to store the time in. Timestamp is way more flexible and preferred =)

if ($_SERVER['REQUEST_METHOD'] != 'POST') { <form id="submit1" method="post" action="signup1.htm"> //form fields, etc <input class="normal" type="submit" value="Proceed to Next Step"/> <input type="hidden" name="process" value="1"/> </form> } else if ($_POST['process'] == 1) { <form id="submit2" method="post" action="signup1.htm"> //form fields, etc <input type="submit" value="Proceed to Final Step"/> <input type="hidden" name="process" value="2"/> </form> } else if ($_POST['process'] == 2) { <form id="submit3" method="post" action="signup1.htm"> //form fields, etc <input type="submit" value="Submit Form"/> <input type="hidden" name="process" value="3"/> </form> } That would probably be a simpler way of doing it, keep process the same, just change the value. If I get bored here in a second I will draft up a much better solution =)

foreach ($_POST as $key => $val) { if ($key == "id") { foreach ($val as $val2) { $ids[] = $val2; } } } $ids = implode(", ", $ids); mysql_query("UPDATE table_name SET col1 = 'test' WHERE id IN(" . $ids . ")");

$time1 = 1229604696; $time2 = 1229604675; $diff = $time1 - $time2; $minutes = floor($diff * 60); $seconds = round($diff/60, 0); echo $minutes " Minutes and<br />"; echo $seconds " Seconds since.<br />"; EDIT: Modified to show seconds remaining instead of total seconds.

echo "<table>"; $handle = fopen($url, "r"); while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) { echo "<tr>"; foreach($data as $d) echo "<td>$d</td>"; echo "<td><a href=\"{$data[0]}.jpg\" onclick=\"window.open('{$data[0]}.jpg','','status=0,toolbar=0,location=0,menubar=0,directories=0,width=350,height=250'); return false;\">View</a></td>"; echo "</tr>"; } fclose($handle); echo "</table>"; Needed to escape the quotes around the href= portion.

Sorry about that, it is hard to know how much you know, especially since you are relatively new. Do you know how the text is being entered into the text file? Like is html_entities is being used or if it is being entered using utf8_encode ? Not sure of either of those would help you out or not....

Look into PEAR::Mail or phpMailer. I believe both allow SMTP.

Change all of "$HTTP_POST_VARS" to "$_POST" $HTTP_POST_VARS is depreciated.

It's because I read that although it works in most cases, there can be problems if a user's timezone is set wrongly. source: http://www.freewebmasterhelp.com/tutorials/cookies/2 I could see that. You could do this to thwart that issue... setcookie('cookieName', '', time()-(3600*48), "/"); // set it to 2 days behind =)

lol agreed. I actually found the example in the user comments to figure that out. I never understood what the ob_'s purpose was before until I saw that and was like AHHH! =)

setcookie('cookieName', '', time()-3600); That would be easier than the mktime. But the reason is you did not specify the path when creating the cookie. Try specifying the path and using this: setcookie('cookieName','cookieValue',time()+3600, "/"); // for one hour at path / setcookie('cookieName', '', time()-3600, "/");